User Tools

Site Tools


technical_information

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
technical_information [2018/10/30 09:04] – [Intermediary storage] lucytechnical_information [2022/11/25 11:17] (current) lucy
Line 3: Line 3:
 The information herein applies mostly to VM-based LUCY distributions (VMware Workstation, VMware ESXi, VirtualBox and Amazon) as LUCY installations on custom dedicated servers may have different configurations. The LUCY server contains different components. Those components are already installed when using our images (Vmware/AMI etc.) or are installed when using the Linux installer. The information herein applies mostly to VM-based LUCY distributions (VMware Workstation, VMware ESXi, VirtualBox and Amazon) as LUCY installations on custom dedicated servers may have different configurations. The LUCY server contains different components. Those components are already installed when using our images (Vmware/AMI etc.) or are installed when using the Linux installer.
  
-{{ setup_all_in_one.png?600 }}+{{ setup_all_in_one.png?400 }}
  
 ==== LUCY Vmware technical components ==== ==== LUCY Vmware technical components ====
Line 41: Line 41:
 ==== Operating System ==== ==== Operating System ====
  
-Starting from 4.3, LUCY is running on a 64-bit **Debian 9 (Stretch)** system. There are no system patches or hardenings applied - LUCY uses a vanilla Debian distribution without any additions. The system is configured to download updates and new packages from a custom LUCY apt mirror, which has the same IP address, as LUCY license server (make sure it is open on your corporate firewall). The operating system gets updated only when you upgrade LUCY to a new version.+Starting from 4.8.8, LUCY is running on a 64-bit **Ubuntu 20.04 LTS** system. There are no system patches or hardenings applied - LUCY uses a vanilla Ubuntu distribution without any additions. The system is configured to download updates and new packages from a custom LUCY apt mirror, which has the same IP address, as LUCY license server (make sure it is open on your corporate firewall). The operating system gets updated only when you upgrade LUCY to a new version.
  
 ==== Security Settings ==== ==== Security Settings ====
Line 64: Line 64:
  
 ==== Database ==== ==== Database ====
-LUCY stores all related data in **PostgreSQL 9.1** RDBMS. All sensitive information stored in there is encrypted as PostgreSQL is available only for internal connections. There are no configurable options for the DB encryption.  The encryption is mandatory for all data and is performed automatically with the following settings:+LUCY stores all related data in **PostgreSQL 11** RDBMS. All sensitive information stored in there is encrypted as PostgreSQL is available only for internal connections. There are no configurable options for the DB encryption.  The encryption is mandatory for all data and is performed automatically with the following settings:
  
   * It’s a column-level encryption performed on both the application and DB layers before storing any data in the database. We don’t use TDE (transparent database encryption), as PostgreSQL doesn’t support it, so we encrypt only a subset of columns in DB – everything that holds client/attack/recipient-related data.    * It’s a column-level encryption performed on both the application and DB layers before storing any data in the database. We don’t use TDE (transparent database encryption), as PostgreSQL doesn’t support it, so we encrypt only a subset of columns in DB – everything that holds client/attack/recipient-related data. 
Line 81: Line 81:
   * Framework-level SQL injection prevention   * Framework-level SQL injection prevention
   * Framework-level CSRF prevention   * Framework-level CSRF prevention
-  * Lucy partially conforms to "CIS Debian 8" checklist (50% conformance: we can provide a detailed list of non-conforming items upon request. There are no critical issues in uncovered parts)+  * Lucy partially conforms to "CIS Debian 9" checklist (50% conformance: we can provide a detailed list of non-conforming items upon request. There are no critical issues in uncovered parts)
   * Lucy partially conforms to "CIS PostgreSQL 9.5" checklist (50% conformance: we can provide a detailed list of non-conforming items upon request. There are no critical issues in uncovered parts)   * Lucy partially conforms to "CIS PostgreSQL 9.5" checklist (50% conformance: we can provide a detailed list of non-conforming items upon request. There are no critical issues in uncovered parts)
 +  * PHP 5.6 is being updated using mirrored [[https://deb.sury.org/|repo]], which contains security patches developed by Microsoft. [[https://github.com/microsoft/php-src/blob/PHP-5.6-security-backports/NEWS|Source]] of the patches.
  
 +
 +VPS servers provided by us are having additional layers of protection.
 +More can be found [[vps_hardening|here]].
  
 ==== Folders ==== ==== Folders ====
technical_information.1540886680.txt.gz · Last modified: 2019/07/25 12:52 (external edit)